TrustManager

class TrustManager(storage: Storage, val identifier: String = "default", partitionId: String = "default_") : TrustManagerInterface

A robust, thread-safe implementation of TrustManagerInterface that securely manages and persists trust points (X.509 Certificates, VICALs, and RICALs).

This manager is backed by a persistent Storage instance and uses an internal Mutex to guarantee memory consistency across highly concurrent read and write operations. It also exposes an eventFlow that external components can observe to reactively update their state whenever trust entries are added, modified, or deleted.

Parameters

storage

the Storage interface used for persistent storage.

identifier

an identifier for the TrustManagerInterface.

partitionId

an identifier used to namespace data if multiple TrustManager instances share the same storage.

Constructors

constructor(storage: Storage, identifier: String = "default", partitionId: String = "default_")

Types

object Companion

Properties

val eventFlow: SharedFlow<Unit>

A reactive stream of events emitted whenever the underlying trust data changes. Observers can collect this flow to know when to refresh their cached UI states.

open override val identifier: String

Functions

suspend fun addRical(encodedSignedRical: ByteString, metadata: TrustMetadata): TrustEntryRical

Adds a signed RICAL (Reader Issuer Certificate Authority List) to the trust manager.

suspend fun addVical(encodedSignedVical: ByteString, metadata: TrustMetadata): TrustEntryVical

Adds a signed VICAL (Verified Issuer Certificate Authority List) to the trust manager.

suspend fun addX509Cert(certificate: X509Cert, metadata: TrustMetadata): TrustEntryX509Cert

Adds a standalone X.509 certificate to the trust manager.

suspend fun deleteAll()

Purges all managed trust entries from this partition and clears the memory cache. Warning: This operation is irreversible.

suspend fun deleteEntry(entry: TrustEntry): Boolean

Deletes a specific TrustEntry from both memory and persistent storage.

suspend fun getEntries(): List<TrustEntry>

Retrieves all high-level TrustEntry items currently managed, sorted chronologically by the time they were added.

open suspend override fun getTrustPoints(): List<TrustPoint>

Retrieves a flattened list of all TrustPoints currently managed. This includes standalone X.509 certificates as well as individual certificates embedded within managed VICALs and RICALs.

suspend fun updateMetadata(entry: TrustEntry, metadata: TrustMetadata): TrustEntry

Updates the mutable TrustMetadata associated with an existing TrustEntry.

suspend fun updateRical(entry: TrustEntryRical, encodedSignedRical: ByteString): TrustEntryRical

Updates the underlying byte data of an existing RICAL entry while preserving its metadata.

suspend fun updateVical(entry: TrustEntryVical, encodedSignedVical: ByteString): TrustEntryVical

Updates the underlying byte data of an existing VICAL entry while preserving its metadata.

open suspend override fun verify(chain: List<X509Cert>, atTime: Instant): TrustResult

Evaluates a given X.509 certificate chain against all managed trust points to determine if it is trusted.
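
An added example, not taken from the library's own code: a hypothetical `TrustPointCache` that observes `eventFlow` as described above and reloads `getTrustPoints()` on every change, so a deleted trust point does not linger in a cached view. It assumes kotlinx.coroutines is on the classpath and that `TrustManager` and `TrustPoint` are imported from the library's package, which this page does not name.

```kotlin
import kotlinx.coroutines.CoroutineScope
import kotlinx.coroutines.Job
import kotlinx.coroutines.flow.MutableStateFlow
import kotlinx.coroutines.flow.StateFlow
import kotlinx.coroutines.flow.asStateFlow
import kotlinx.coroutines.flow.onSubscription
import kotlinx.coroutines.launch

// TrustManager and TrustPoint come from the library documented on this page.
// Assumption: their package is not given here, so add the matching imports.

/**
 * Hypothetical helper (not part of the library): holds a read-only snapshot of
 * the manager's flattened trust points and refreshes it when trust data changes.
 */
class TrustPointCache(private val trustManager: TrustManager) {
    private val _trustPoints = MutableStateFlow<List<TrustPoint>>(emptyList())

    /** Latest snapshot; empty until start() has completed its first load. */
    val trustPoints: StateFlow<List<TrustPoint>> = _trustPoints.asStateFlow()

    /**
     * Starts observing in [scope]. Cancel the returned Job (or the scope)
     * to stop refreshing.
     */
    fun start(scope: CoroutineScope): Job = scope.launch {
        trustManager.eventFlow
            // Trigger the initial load only after the subscription is active,
            // so a change made between "load" and "subscribe" cannot be missed
            // and leave a removed trust point in the snapshot.
            .onSubscription { emit(Unit) }
            .collect {
                // Events carry no payload (Unit), so re-read the full list.
                _trustPoints.value = trustManager.getTrustPoints()
            }
    }
}
```

Make trust decisions by calling `verify()` on the manager itself; the snapshot is meant for display and can briefly lag behind a change.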